Session Mechanism: A technique commonly used in web programs to track a user's entire session. Commonly used session tracking technologies are cookies and sessions. Cookie determines user identity by recording information on the client side, and Session determines user identity by recording information on the server side.
Cookie technology is the solution for the client. Cookie is the special information sent by the server to the client, and this information is stored in the client in the form of text files, and then the client will bring these special information every time it sends a request to the server. . Let's be more specific: when a user uses a browser to visit a website that supports cookies, the user provides personal information including user name and submits it to the server; then, the server sends back the corresponding timeout to the client. These personal information will also be sent back with the text. Of course, this information is not stored in the HTTP response body (Response Body), but is stored in the HTTP response header (Response Header); when the client browser receives the message from the server. After responding, the browser will store this information in a unified location. Since then, when the client sends a request to the server, it will send the corresponding cookie back to the server again. This time, the cookie information is stored in the HTTP request header (Request Header). With the technical implementation of cookies, after the server receives the request from the client browser, it can obtain the client-specific information by analyzing the cookie stored in the request header, thereby dynamically generating the content corresponding to the client. Usually, we can see options like "remember me" from the login interface of many websites. If you check it and then log in, then you don't need to repeat and tedious login the next time you visit the website Action, and this function is achieved through Cookie.
Session principle: First, when the browser requests the server to access the web site, when the program needs to create a session for the client's request, the server will first check whether the client request already contains a session identifier, called SESSIONID, if it already contains a session ID sessionid indicates that a session has been created for the client before, and the server retrieves the session according to the sessionid for use. If the client request does not contain the session id, the server creates a session for the client and generates a session associated with this session. The session id, the value of sessionid should be a string that is neither repeated nor easy to be imitated. This sessionid will be returned to the client to save in this response. The way to save this sessionid can be a cookie , so that in the process of interaction, the browser can automatically send the identifier back to the server according to the rules, and the server can find the corresponding session according to the sessionid, and return to the beginning of this text.
The working principle of the session is to rely on the cookie for support. The session is created when request.getSession() is used for the first time, and a unique sessionid will be created for the session and stored in the cookie, and then sent to the browser and the browser. Every time a request is made, this sessionid will be carried, and the server will recognize the sessionid, and if it knows the sessionid, it can find which session. In order to achieve the purpose of sharing data. It should be noted here that the session will not die when the browser is closed, but will wait for the timeout period.
Session is a data structure saved on the server to track the state of the user. This data can be saved in clusters, databases, and files;
Cookie is a mechanism for the client to save user information, which is used to record some information about the user. It is also a way to implement Session.